Gamers abused with credential stuffing

Credential stuffing is a cyber-attack where fraudsters use large numbers of stolen credentials to log into individuals’ or companies’ accounts. This cyber-attack type is on the rise due to the high number of data breaches in the past years.

A successful credential abuse attack steals the victim’s account and puts the owner’s credit card information as well as in-game assets at risk. Worth noting – veteran players might have thousands of dollars worth of items in their game inventory.

While credential abuse attacks are rarely discussed, data reveals that they are a widespread issue. Hackers attacked gamers a staggering 9.83 billion times from July 2018 to June 2020.

Data shows that the top 5 countries are responsible for 49.32% of all fraudulent login attempts to user accounts. The US, Russia, Canada, China, and Germany are responsible for 4.85 billion attacks out of the 9.83 billion intrusion attempts globally.

It appears that most credential abuse originates from the United States. However, it is worth noting that hackers often change their IP addresses when carrying out these attacks, so the locations provided should be taken with a grain of salt.

What do gamers lose?

The study asked players what they are most worried about if their account gets hacked. The most common answer was credit card information, with 49.1% of respondents stating it as their biggest concern.

The concern of losing in-game assets is valid as a single special weapon can cost hundreds of dollars and, in rare cases, up to thousands of dollars.

Password hygiene

You can avoid the devastating financial losses, account takeovers, and emotional distress by following these simple rules:

  • Do not reuse passwords.
  • Make use of password managers. 
  • Deploy two-factor authentication (2FA).
  • Check whether your email was compromised on the haveibeenpwned website.

Zoom 2FA goes for all

Zoom has announced that it has added two-factor authentication (2FA) support to all user accounts to make it simpler to secure them against security breaches and identity theft.

With 2FA, Zoom users will have an extra layer added to the authentication process, blocking attackers from taking control of their account by guessing their password or using compromised credentials.

Zoom accounts secured using 2FA will require you to enter a one-time code from a mobile authenticator app or received via SMS or phone call, in addition to the account’s password, before allowing you to sign in to the Zoom web portal, desktop client, mobile app, or Zoom Room.

“With Zoom’s 2FA, users have the option to use authentication apps that support Time-Based One-Time Password (TOTP) protocol (such as Google Authenticator, Microsoft Authenticator, and FreeOTP), or have Zoom send a code via SMS or phone call, as the second factor of the account authentication process.”

“Zoom offers a range of authentication methods such as SAML, OAuth, and/or password-based authentication, which can be individually enabled or disabled for an account.”
